The General Hospital Corporation and Massachusetts General Physicians Organization, representing Massachusetts General Hospital in Boston, has agreed to pay the U.S. government $1 million to settle allegations that the hospital system violated the HIPAA privacy rule, according to a news release from the U.S. Department of Health and Human Services.
The allegations involved the loss of documents consisting of a patient schedule containing names and medical record numbers for a group of 192 patients, along with billing encounter forms containing the name, date of birth, medical record number, health insurer and policy number, diagnosis and name of providers for 66 of those patients. These documents were lost on March 9, 2009, when a Mass General employee, while commuting to work, left the documents on the subway train that were never recovered.
Mass General has signed a Resolution Agreement with HHS, requiring it to develop and implement policies and procedures to safeguard patient privacy. The system has also agreed to enter into a Corrective Action Plan, which requires the system to develop procedures that ensure PHI is protected when removed from hospital premises, train workforce members on these policies and procedures and designate a director to conduct assessments of the hospital's compliance with CAP and submit semi-annual reports to HHS for a 3-year period.
Read the HHS release on Massachusetts General's settlement.
Read about other recent settlements from hospitals:
- Albany Medical Center to Pay $4.5M to Settle Nurse Pay Lawsuit
- New York's APS Healthcare Pays $13M to Settle False Claim Allegations
The allegations involved the loss of documents consisting of a patient schedule containing names and medical record numbers for a group of 192 patients, along with billing encounter forms containing the name, date of birth, medical record number, health insurer and policy number, diagnosis and name of providers for 66 of those patients. These documents were lost on March 9, 2009, when a Mass General employee, while commuting to work, left the documents on the subway train that were never recovered.
Mass General has signed a Resolution Agreement with HHS, requiring it to develop and implement policies and procedures to safeguard patient privacy. The system has also agreed to enter into a Corrective Action Plan, which requires the system to develop procedures that ensure PHI is protected when removed from hospital premises, train workforce members on these policies and procedures and designate a director to conduct assessments of the hospital's compliance with CAP and submit semi-annual reports to HHS for a 3-year period.
Read the HHS release on Massachusetts General's settlement.
Read about other recent settlements from hospitals:
- Albany Medical Center to Pay $4.5M to Settle Nurse Pay Lawsuit
- New York's APS Healthcare Pays $13M to Settle False Claim Allegations